Data Classifications

The following classifies data at three levels of sensitivity with examples. Data owners who are unsure where their data falls within this schema can contact the University Secretariat or the Information Security Office for clarification.

Data owners who identify information as either Sensitive or Highly Sensitive are to consult the Data Protection Standards on how to properly manage these assets through its life cycle. 

Non-Sensitive (Public)

  • Information made freely available to anyone
  • Department locations, telephone numbers, hours of operation, Email addresses

  • Department websites, published reports, campus maps

  • Course descriptions, rates and fees


  • Restricted to authorized parties on a need-to-know basis

  • Restricted to the collector(s) and the originator(s)
  • Student records, student and employee numbers, grades and transcripts

  • Financial records, University credit card numbers

  • Human resource records, donor information, policy information

Highly Sensitive

  • Information relating to an identifiable person

  • Data where protection is mandated by law or contract
  • Personal credit card or other banking information

  • Personal health information, Social Insurance Numbers, age, sex

  • Research data and intellectual property

  • Payroll information

  • Internal audit reports